U.S. military spy drones will now run on Linux instead of Windows
Jan. 12, 2012
The control of U.S. military spy drones has shifted from Windows to Linux following an embarrassing malware and virus infection on the Windows system.
Ground control systems at Creech Air Force Base in Nevada, which commands the killer unmanned drone aircraft, became largely infected with a nasty virus last September. In a statement at the time, the Air Force dismissed the virus as a mild nuisance and said it posed no threat to the operation of Reaper drones.
However, the intrusion was nonetheless treated seriously. "The ground system is separate from the flight control system Air Force pilots use daily to fly the aircraft remotely. The ability of the pilots to safely fly these unmanned aircraft remained secure throughout the incident," it said.
The initial discovery of the virus was nonetheless hugely embarrassing for the Air Force, and had some top lieutenants at the Pentagon asking some very pointed questions.
The credential-stealing malware made its way from a portable hard drive onto ground systems, which control the drones' various weapons and surveillance functions. Portable disks are used to load map updates and transfer mission-critical videos from one computer to another, Defense News added.
"The malware was detected on a standalone mission support network using a Windows-based operating system," a U.S. Air Force statement at the time explained.
"The malware in question is a credential stealer, not a keylogger, found routinely on computer networks and is considered more of a nuisance than an operational threat. It is not designed to transmit data or video, nor is it designed to corrupt data, files or programs on the infected computer. Our tools and processes detect this type of malware as soon as it appears on the system, preventing further reach."
Unmanned drone aircraft units were advised to stop using the removable drives to prevent another outbreak. Behind the scenes, other changes also appear to have been made: screenshots of drone control computers uploaded by security researcher Mikko Hypponen suggest that at least some of the consoles have been migrated from Microsoft Windows to the Linux operating system.
Hypponen says, "If I would need to select between Windows XP and a Linux based system while building a military system, I wouldn't doubt a second which one I would take: Linux."
In other internet security news
Computer hackers were successful in getting into Amazon's proxy-based Silk browser compiled into other Android versions of its Kindle Fire tablet, allowing anyone to take advantage of its supposedly secure Amazon Cloud Service used by some enterprises.
This hacking feat requires a rooted device, and some fiddling with so-called APK files, but it does share the Silk browser, nevertheless, and that's what's so troubling about this incident. XDA-Developers member TyHi initially hacked the Silk browser into the popular CyanogenMod Android distribution, but others have tested it as well on a wide variety of builds and devices, and they were also successful at breaking into the Amazon Cloud.
Overall, Silk offloads most of the rendering of web pages onto Amazon's cloud service, improving performance and reducing the internet bandwidth required, but it's far from alone in taking that approach.
SkyFire and Bolt work almost the same way, as does Opera's Turbo option, and Opera has even gone on record promising not to misuse the accumulated data.
So the only reason for wanting to run Silk would seem to be a desire to let Amazon know more about one's browsing habits, but the company hasn't accumulated enough information on everything one buys yet, so this could still be a bit early to predict what the outcome will be in the next few months.
So the hack was just to demonstrate what could be done, but for most users, Silk still has little to offer beyond what's already available, with rather less effort.
In other internet security news
Fujitsu said two days ago that it has been commissioned to develop so-called seek and destroy malware, reportedly designed to accurately track and then totally disable the sources of most cyber-attacks that have been on the increase lately.
The cyber-weapon is the result of a three-year $2.3 million project that also involved developing tools capable of monitoring and analyzing the sources of hacking attacks. Deploying the technology would involve clearing both practical and legislative hurdles.
Tracing the exact source of cyber-attacks is inherently difficult, mainly because attackers routinely hide behind botnets and anonymous proxies to launch their attacks, such as denial of service (DoS) assaults. The malware reportedly developed by Fujitsu is designed to trace connections back to their controlling hosts before totally disabling them.
Getting this right is a trivial process and the potential for collateral damage, even before hackers develop countermeasures. Another issue is that, if the tool is ever released, it could fall into the hands of miscreants who might reverse-engineer it before adapting it for their own nefarious purposes.
The malware has reportedly been tested in a "closed network environment". The tool reportedly has the greatest potential in tracking back the sources of DoS attacks. Whether it's any good at the much more difficult process of picking out stealthy industrial espionage-style information-stealing attempts still remains unclear, however.
Currently, Japanese law prohibits offensive responses in retaliation to cyber-attacks, another potential issue but one that's easier to resolve perhaps by updating current laws. The current prohibition has more to do with post-Second World War agreements that restrict Japanese military capabilities than local laws against the creation of computer viruses, however.
Japan is a prime target for cyber-attacks and suffered numerous assaults in 2011. Reported victims include Japan’s parliament and industrial giant Mitsubishi.
The Defense Ministry's Technical Research and Development Institute is understood to have outsourced the development of the tool to Fujitsu. A Defense Ministry official played down talks of offensive applications for the software and said that it was designed for applications such as tracing the source of cyber-attacks against Japanese Self-Defense Force systems.
But Professor Motohiro Tsuchiya of Keio University, a member of a government panel on information security policy, said that Japan ought to accelerate cyber-weapons development.
Fujitsu declined to comment about the supposed cyber-weapon, citing client confidentiality.
In other internet security news
A suspect has been charged by police investigating various Internet attacks allegedly carried out by hacking collective Anonymous against companies and organizations deemed to have acted against the whistleblower website Wikileaks.
Scotland Yard has named 22-year-old student Peter Gibson of Castleton Road, Hartlepool, Cleveland as one of the suspects alleged to have orchestrated DDoS (distributed denial of service) attacks on PayPal, Amazon, Mastercard and Bank of America in December of last year.
Gibson has been charged with conspiracy to do an unauthorised act in relation to a computer, with intent to impair the operation of a computer system or prevent or hinder access to a program or data held in a computer or to impair the operation of any such program or the reliability of such data, said Scotland Yard.
Those are actions that are contrary to Section 1(1) of the Criminal Law Act of 1977, it added.
The Computer Misuse Act, which carries maximum jail sentences of ten years, was not cited by the police.
Gibson is expected to appear at the City of Westminster Magistrates' Court on September 7, 2011.
Detectives at the specialist computer-crime unit quizzed Gibson in April this year. He was one of six people arrested in connection with a U.K. police probe into "Operation Avenge Assange". The five other UK-based men, aged 15, 16, 19, 20 and 26, were also arrested, following coordinated police raids in the West Midlands, Northants, Herts, Surrey and London, under the Computer Misuse Act in January 2011.
It is alleged that the suspects set off Distributed Denial of Service attacks using a modified piece of open source software known as the Low Orbit Ion Cannon.
The software was used to send a constant stream of data to targeted websites in an effort to greatly slow down or to completely shut down the affected sites.
In July of this year, federal law-enforcement personnel in the U.S. also arrested 16 people accused of carrying out computer crimes that damaged or breached protected systems. Fourteen of these suspects, from ten states across the U.S., were alleged to have been involved in "Operation Avenge Assange".
Anonymous's assault against PayPal, MasterCard, Visa, Amazon, and others was mounted after those companies cut off services to WikiLeaks, following publication by the whistle-blower site of classified U.S. diplomatic memos.
In other internet security news
A police investigator working on Scotland Yard's inquiry into alleged phone-hacking at the now-defunct Sunday tabloid the News of the World was arrested by senior officers from the anti-corruption unit of London's Metropolitan police late last week.
The police said that on Thursday, August 18 they arrested a serving MPS officer from Operation Weeting on suspicion of misconduct in a public office relating to unauthorized disclosure of information as a result of a proactive operation.
They didn't release the name of the officer, who was described as a 51-year-old male detective constable, and Scotland Yard only confirmed he had been arrested after releasing the man on bail until September 29, pending further investigation.
As is customary in such incidents, the officer was suspended from his job the next day. "I made it very clear when I took on this investigation the need for operational and information security. It is hugely disappointing that this may not have been adhered to," said Deputy Assistant Commissioner Sue Akers, who is in charge of Operation Weeting.
"The MPS takes the unauthorized disclosure of information extremely seriously and has acted rapidly in making this arrest," she added.
Meanwhile, a thirty-five-year-old man was also released the next day, after being in police custody on suspicion of conspiring to unlawfully intercept voicemails.
He was bailed to return at a yet-to-be-determined date in October. Reports suggest that former NotW features writer Dan Evans was the man arrested then bailed by police on Friday.
James Desborough, who joined the Sunday tabloid as a reporter in 2005 before being promoted to Hollywood editor in 2009, was also arrested last Thursday as part of the Operation Weeting probe.
Source: The U.S. Air Force.